[PATCH] D37697: [scudo] Fix improper TSD init after TLS destructors are called
Kostya Kortchinsky via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Sep 11 09:09:29 PDT 2017
cryptoad created this revision.
Some of glibc's own thread local data is destroyed after a user's thread local
destructors are called, via __libc_thread_freeres. This might involve calling
free, as is the case for strerror_thread_freeres.
If there is no prior heap operation in the thread, this free would end up
initializing some thread specific data that would never be destroyed properly
(as user's pthread destructors have already been called), while still being
deallocated when the TLS goes away. As a result, a program could SEGV, usually
in __sanitizer::AllocatorGlobalStats::Unregister, where one of the doubly linked
list links would refer to a now unmapped memory area.
To prevent this from happening, we will not do a full initialization from the
deallocation path. This means that the fallback cache & quarantine will be used
if no other heap operation has been called, and we effectively prevent the TSD
being initialized and never destroyed. The TSD will be fully initialized for all
other paths.
In the event of a thread doing only frees and nothing else, a TSD would never
be initialized for that thread, but this situation is unlikely and we can live
with that.
https://reviews.llvm.org/D37697
Files:
lib/scudo/scudo_allocator.cpp
lib/scudo/scudo_tls.h
lib/scudo/scudo_tls_android.cpp
lib/scudo/scudo_tls_android.inc
lib/scudo/scudo_tls_linux.cpp
lib/scudo/scudo_tls_linux.inc
test/scudo/tsd_destruction.cpp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D37697.114624.patch
Type: text/x-patch
Size: 5262 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20170911/51d9e481/attachment.bin>
More information about the llvm-commits
mailing list